<?php
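// Entry guard: refuse to run unless both IN_SYSTEM and ADMIN_PRE are defined,
// i.e. unless this file was pulled in by code that defines them (presumably the
// admin front controller) rather than requested directly.
(!defined('IN_SYSTEM') || !defined('ADMIN_PRE')) && exit('Access Denied!');
// Requested action name; falls back to the listing page.
$f = isset($_REQUEST['f'])?$_REQUEST['f']:'index';
// Allow-list for the dynamic method call below. The value comes from the
// request, so it is required to be a string and is compared strictly: an
// array-valued "f" or a loosely-equal value must never reach $m->$f().
if(!is_string($f) || !in_array($f,array('index','check','nocheck','delete','ajax_check','ajax_edit'),true)){
	exit('Access Denied!');
}
// The per-action permission ("com" + action name) is enforced here only when
// that key exists in the user group's access table. Actions without such a key
// are protected solely by whatever check the method performs itself.
// NOTE(review): delete() and ajax_edit() contain no ican() call of their own;
// confirm the access table defines a "com"-prefixed key for both of them.
if(isset($_G['usergroup']['access']["com$f"]) && !ican("com$f")){
	msg('没有权限');
	// msg() is defined elsewhere; stop here explicitly so that the denial does
	// not depend on msg() terminating the request.
	exit;
}
$m = new CommentModule;
$m->$f();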
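/**
 * Admin-side comment management: listing, approval toggling, deletion and
 * inline editing.
 *
 * Public methods are called by name from the dispatcher at the top of this
 * file, which restricts the callable names to a fixed allow-list. The private
 * helpers below are therefore not reachable from a request.
 *
 * NOTE(review): no anti-CSRF token is verified anywhere in this class, and
 * delete() and ajax_check() change state on GET parameters. Confirm whether
 * the including admin entry point performs that verification.
 *
 * NOTE(review): every query here is built by string interpolation. Integer
 * inputs are cast before use; string inputs (keyword, content) are only safe
 * if getGP() escapes them for SQL. Verify against getGP()'s definition.
 */
class CommentModule
{
	/**
	 * Render the paginated comment list, optionally filtered by approval state,
	 * keyword and article id.
	 *
	 * The local variables built here are presumably consumed by the included
	 * admin template; they are not used again in this method.
	 */
	function index() {
		global $_G;
		// Anything other than "list" is normalised to "desc" before it is put in a URL.
		$mod = getGP('mod','G') == 'list' ? 'list' : 'desc';
		$no_check_num = $_G['db']->result("SELECT COUNT(*) AS num FROM ".DB_PREFIX."comment WHERE status = 0");
		$wheresql = '';
		$page = max(1, getGP('page','G','int'));
		$pagesize = 10;
		$offset = ($page - 1) * $pagesize;
		$url = 'admin.php?m=comment&mod='.$mod;
		
		// The approval filter only ever appends fixed SQL fragments.
		if (getGP('check','G') == 'yes') {
			$wheresql .= " AND a.status = 1";
			$url .= '&check=yes';
		} elseif (getGP('check','G') == 'no') {
			$wheresql .= " AND a.status = 0";
			$url .= '&check=no';
		}
		if ( $keyword = getGP('keyword','G') ) {
			// NOTE(review): $keyword is request data placed directly inside a quoted
			// LIKE pattern. This is injectable unless getGP() escapes quotes and
			// backslashes (TODO confirm). Even then, the LIKE wildcards % and _
			// presumably pass through unescaped. Prefer the database layer's
			// escaping or bound-parameter API if it offers one.
			$wheresql .= " AND (a.content LIKE '%$keyword%' OR a.username LIKE '%$keyword%' OR a.email LIKE '%$keyword%')";
			$url .= '&keyword='.rawurlencode($keyword);
		}
		// $aid is requested from getGP() with the 'int' type, so it is interpolated as an integer.
		if ($aid = getGP('aid','G','int')) {
			$wheresql .= " AND a.referid = '$aid'";
			$url .= '&aid='.$aid;
		}
	
		// NOTE(review): the count uses "type = 0" as its base predicate while the
		// listing below uses "a.referid > 0", so $num may not match the rows
		// actually listed. Confirm which predicate is intended.
		$num = $_G['db']->result("SELECT COUNT(*) AS num FROM ".DB_PREFIX."comment a WHERE type = 0 $wheresql");
	
		$result = $_G['db']->fetch_all("SELECT a.*,b.title,b.dateline AS arttime FROM ".DB_PREFIX."comment a LEFT JOIN ".DB_PREFIX."article b ON a.referid = b.aid WHERE a.referid > 0 $wheresql ORDER BY a.cid DESC LIMIT $offset, $pagesize");
		include admintemplate('comment');
	}

	/**
	 * Approve every comment whose id was posted in the "id" array and bump the
	 * comment counter of the article it belongs to.
	 *
	 * Unlike nocheck() and ajax_check(), this method makes no ican('comcheck')
	 * call of its own; it relies on the dispatcher's "com" + action check.
	 *
	 * NOTE(review): the counter is incremented even when the comment is already
	 * approved, so re-submitting the same ids inflates it. delete() recomputes
	 * the counter instead.
	 */
	function check(){
		global $_G;
		foreach ($this->posted_ids() as $id) {
			if ($aid = $_G['db']->result("SELECT referid FROM ".DB_PREFIX."comment WHERE cid = '$id'")) {
				$aid = intval($aid);
				$_G['db']->query("UPDATE ".DB_PREFIX."article SET comments = comments + 1 WHERE aid = '$aid'");
				// The original tested the result in an empty if; only the call is kept.
				create_html();
			}
			$_G['db']->query("UPDATE ".DB_PREFIX."comment SET status = 1 WHERE cid = '$id'");
		}
		recache('lastest_comment');
		msg('操作成功');
	}

	/**
	 * Withdraw approval from every comment whose id was posted in the "id" array
	 * and decrement the comment counter of the article it belongs to.
	 *
	 * NOTE(review): the counter is decremented even when the comment was not
	 * approved, so it can drift from the real number of approved comments.
	 */
	function nocheck(){
		if(!ican('comcheck')){
			msg('没有权限');
			// Do not rely on msg() terminating the request (it is defined elsewhere).
			return;
		}
		global $_G;
		foreach ($this->posted_ids() as $id) {
			if ($aid = $_G['db']->result("SELECT referid FROM ".DB_PREFIX."comment WHERE cid = '$id'")) {
				$aid = intval($aid);
				$_G['db']->query("UPDATE ".DB_PREFIX."article SET comments = comments - 1 WHERE aid = '$aid'");
				create_html();
			}
			$_G['db']->query("UPDATE ".DB_PREFIX."comment SET status = 0 WHERE cid = '$id'");
		}
		recache('lastest_comment');
		msg('操作成功','admin.php?m=comment');
	}

	/**
	 * Delete comments.
	 *
	 * With a GET "id" a single comment is removed and the literal "success" is
	 * emitted; otherwise every id in the POSTed "id" array is removed and the
	 * user is sent back to the comment list.
	 *
	 * NOTE(review): there is no ican() check in this method, and the single-id
	 * path deletes on a GET parameter.
	 */
	function delete(){
		if ($id = getGP('id','G','int')) {
			$this->remove_comment($id);
			recache('lastest_comment');
			exit('success');
		}
		foreach ($this->posted_ids() as $id) {
			$this->remove_comment($id);
		}
		recache('lastest_comment');
		msg('操作成功', 'admin.php?m=comment');
	}

	/**
	 * Toggle the approval state of one comment (GET "id") and reply with a JSON
	 * object {type, data}: data is "check" or "nocheck" on success, or an error
	 * message.
	 */
	function ajax_check(){
		if(!ican('comcheck')){
			exit(json_encode(array("type"=>"error","data"=>"没有权限")));
		}
		
		global $_G;
		$id = getGP('id','G','int');
		$output = array();
		if ($id) {
			if ($comment = $_G['db']->fetch_one_array("SELECT referid,status FROM ".DB_PREFIX."comment WHERE cid = '$id'")) {
				// Cast the stored article id before it is interpolated into SQL again.
				$aid = intval($comment['referid']);
				$output['type'] = 'success';
				if ($comment['status']) {
					$_G['db']->query("UPDATE ".DB_PREFIX."comment SET status = 0 WHERE cid = '$id'");
					$_G['db']->query("UPDATE ".DB_PREFIX."article SET comments = comments - 1 WHERE aid = '$aid'");
					$output['data'] = 'nocheck';
				} else {
					$_G['db']->query("UPDATE ".DB_PREFIX."comment SET status = 1 WHERE cid = '$id'");
					$_G['db']->query("UPDATE ".DB_PREFIX."article SET comments = comments + 1 WHERE aid = '$aid'");
					$output['data'] = 'check';
				}
				create_html();
				recache('lastest_comment');
			} else {
				$output['type'] = 'error';
				$output['data'] = '评论不存在。';
			}
		} else {
			$output['type'] = 'error';
			$output['data'] = '缺少ID参数。';
		}
		exit(json_encode($output));
	}

	/**
	 * Overwrite the text of one comment (POST "id", "content") and reply with a
	 * JSON object {type[, data]}.
	 *
	 * NOTE(review): there is no ican() check in this method.
	 * NOTE(review): $content is request data interpolated into a quoted SQL
	 * string; this is only safe if getGP() escapes it (TODO confirm). It is also
	 * stored as HTML (nl2br adds <br /> tags), so wherever it is rendered must
	 * either trust or sanitise the markup. Verify against the templates.
	 */
	function ajax_edit(){
		global $_G;
		$id = getGP('id','P','int');
		$content = nl2br(getGP('content','P'));
		$output = array();
		if ( $id ) {
			$_G['db']->query("UPDATE ".DB_PREFIX."comment SET content = '$content' WHERE cid = '$id'");
			$output['type'] = 'success';
		} else {
			$output['type'] = 'error';
			$output['data'] = '更新失败';
		}
		exit(json_encode($output));
	}

	/**
	 * Read the POSTed "id" array and return only positive integer ids.
	 *
	 * The array elements are request data that end up inside quoted SQL, so
	 * each one is forced to an integer here. Non-scalar elements (nested
	 * arrays) are dropped rather than cast, because intval() of a non-empty
	 * array is 1 and would silently target comment 1.
	 */
	private function posted_ids() {
		$ids = array();
		foreach ((array) getGP('id','P','array') as $raw) {
			if (is_scalar($raw) && ($id = intval($raw)) > 0) {
				$ids[] = $id;
			}
		}
		return $ids;
	}

	/**
	 * Delete one comment and recompute the approved-comment counter of the
	 * article it referred to.
	 */
	private function remove_comment($id) {
		global $_G;
		$id = intval($id);
		// Look up the owning article before the row disappears.
		$aid = intval($_G['db']->result("SELECT referid FROM ".DB_PREFIX."comment WHERE cid = '$id'"));
		$_G['db']->query("DELETE FROM ".DB_PREFIX."comment WHERE cid = '$id'");
		$count = intval($_G['db']->result("SELECT COUNT(*) FROM ".DB_PREFIX."comment WHERE status = 1 AND referid = '$aid'"));
		$_G['db']->query("UPDATE ".DB_PREFIX."article SET comments = '$count' WHERE aid = '$aid'");
		create_html();
	}
}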
?>